apk混淆打包注意事項

混淆打包搞了好幾天才初步了解，其中碰到很多Debug正常，Release的apk不能用，基本都是第三方的jar的問題，所以要排除混淆。

1. Json解析對象出錯

用到fastJson或者GJson的apk混淆編碼時要加上這句：

-keepattributes Signature

2.百度地圖不能用，注意添加下面的語句

-libraryjars libs/baidumapapi_v2_1_0.jar #替換成自己所用版本的jar包
-keep class com.baidu.** { *; }  
-keep class vi.com.gdi.bgl.android.**{*;}

3.融雲IM

-keep class io.rong.imkit.** {*;}
-keep class io.rong.imlib.** {*;}
-keepattributes Exceptions,InnerClasses
-dontwarn io.rong.**
-keep class io.rong.** {*;}
-keep public class com.yourpackage.R** {*;} #自己的包名
-keep class *.R$ { *; } 

4.保持自定義的View不混淆

-keepclasseswithmembers class * {            # 保持自定義控件類不被混淆  
    public <init>(android.content.Context, android.util.AttributeSet);  
}  
  
-keepclasseswithmembers class * {            # 保持自定義控件類不被混淆  
    public <init>(android.content.Context, android.util.AttributeSet, int);  
}

可以把自定義的View放入一個包。然后排除掉這個包。

5.其他第三方的jar包

-dontwarn org.apache.http.**
-keep class org.apache.http.**  {*;}
-dontwarn com.ant.liao.**
-keep class com.ant.liao.**  {*;}
-dontwarn org.json.**
-keep class org.json.**  {*;}
-dontwarn pl.droidsonroids.gif.**
-keep class pl.droidsonroids.gif.**  {*;}
-dontwarn com.cmcc.analytics.**
-keep class com.cmcc.analytics.**  {*;}
-keep class android.**  {*;}

6.Log文件

-assumenosideeffects
class android.util.Log
 {
    public static ***
 e(...);
    public static ***
 w(...);
    public static ***
 wtf(...);
    public static ***
 d(...);
    public static ***
 v(...);

7.還有就是自定義的實體類，bean或者Entity。因為它們基本都是序列化的。

我的體會：序列化和用到反射機制的都不能混淆。

 

這篇文章有一個比較好的版本Android 混淆打包標准proguard 配置

# To enable ProGuard in your project, edit project.properties
# to define the proguard.config property as described in that file.
#
# Add project specific ProGuard rules here.
# By default, the flags in this file are appended to flags specified
# in ${sdk.dir}/tools/proguard/proguard-android.txt
# You can edit the include path and order by changing the ProGuard
# include property in project.properties.
#
# For more details, see
#   http://developer.android.com/guide/developing/tools/proguard.html

# Add any project specific keep options here:

# If your project uses WebView with JS, uncomment the following
# and specify the fully qualified class name to the JavaScript interface
# class:
#-keepclassmembers class fqcn.of.javascript.interface.for.webview {
#   public *;
# 指定代碼的壓縮級別
-optimizationpasses 5
# 是否使用大小寫混合
-dontusemixedcaseclassnames
# 是否混淆第三方jar
-dontskipnonpubliclibraryclasses
# 混淆時是否做預校驗
-dontpreverify
# 混淆時是否記錄日志
-verbose
# 混淆時所采用的算法
-optimizations !code/simplification/arithmetic,!field/*,!class/merging/*
#-ignorewarnings

-libraryjars libs/android-support-v4.jar
-libraryjars libs/baidumapapi_v3_0_0.jar
-libraryjars libs/commons-codec.jar
-libraryjars libs/commons-httpclient-3.1.jar
-libraryjars libs/gson-2.2.2.jar
-libraryjars libs/httpmime-4.2.jar
-libraryjars libs/locSDK_3.1.jar
-libraryjars libs/ShareSDK-Core-2.3.9.jar
-libraryjars libs/ShareSDK-QQ-2.3.9.jar
-libraryjars libs/ShareSDK-SinaWeibo-2.3.9.jar

# 保持哪些類不被混淆
-keep public class * extends android.app.Activity
-keep public class * extends android.app.Application
-keep public class * extends android.app.Service
-keep public class * extends android.content.BroadcastReceiver
-keep public class * extends android.content.ContentProvider
-keep public class * extends android.app.backup.BackupAgentHelper
-keep public class * extends android.preference.Preference
-keep public class com.android.vending.licensing.ILicensingService

#gson解析不被混淆
-keep class com.google.**{*;}
-keepclassmembers class * implements java.io.Serializable {
    static final long serialVersionUID;
    private static final java.io.ObjectStreamField[] serialPersistentFields;
    private void writeObject(java.io.ObjectOutputStream);
    private void readObject(java.io.ObjectInputStream);
    java.lang.Object writeReplace();
    java.lang.Object readResolve();
}
##---------------Begin: proguard configuration for Gson  ----------
# Gson uses generic type information stored in a class file when working with fields. Proguard
# removes such information by default, so configure it to keep all of it.
-keepattributes Signature  
# Gson specific classes
-keep class sun.misc.Unsafe {*;}
#-keep class com.google.gson.stream.** {*;}  
# Application classes that will be serialized/deserialized over Gson
-dontwarn com.u14studio.entity.** 
-keep class com.u14studio.entity.**{*;} 
##---------------End: proguard configuration for Gson  ----------
#shareSDK、
-keep class cn.sharesdk.**{*;}
-keep class com.sina.**{*;}
-keep class **.R$* {*;}
-keep class **.R{*;}
-dontwarn cn.sharesdk.**
-dontwarn **.R$*
-keep class m.framework.**{*;}
#shareSDK結束

#百度地圖不混淆
-dontwarn com.baidu.** 
-keep class com.baidu.**{*;}
-keep class vi.com.gdi.bgl.android.**{*;}
-keep class android.content.Context.getExternalFilesDirs
-keep public class * extends android.content.Context.getExternalFilesDirs
#百度地圖不混淆結束

-dontwarn org.apache.**
-keep class org.apache.**{*;}
-dontwarn android.support-v4.**
-keep class android.support-v4.**{*;}
-dontwarn com.alipay.android.app.**
-keep class com.alipay.android.app.**{*;}

下面就是些閑話了，是自己解決問題時寫的記錄，也一並留着吧。參照的文章都寫上了，謝謝大家的分享。也謝謝QQ群里某位熱心人的幫助。

今天遇到一個很奇怪的問題，混淆打包導致的，至今沒明白為什么。主要現象是一個實現parcelable的UserBean，數據成員包含一個UserTag的list對象，后者也實現了parcel接口，然后就是利用json與服務器之間傳遞值。當不設置標簽時，一切OK，只要設置標簽，就會報錯，錯誤只能定位到這個轉化問題。

java.lang.ClassCastException: com.alibaba.fastjson.JSONObject cannot be cast to com.cmcc.wepa.bean.UserTagBean

查看了代碼，轉化是沒有問題的啊

    public void run()
    {
        super.run();
        Message resultMsg = mHandler.obtainMessage();
        HashMap<String, String> param = new HashMap<String, String>();
        param.put("userId", mUserId);
        // 獲取返回
        String jsonStr = null;
        // 返回參數
        try
        {
            jsonStr = NetworkManager.getInstance().httpConnectOpt(
                    Constant.URL_USER_GET_INTO, param);
            // 將字符串轉換成jsonObject對象
            JSONObject jsonObject = new JSONObject();
            jsonObject = JSONObject.parseObject(jsonStr);
            String result = jsonObject.getString("result");
            LogUtil.d(jsonObject);
            LogUtil.d(result);
            Bundle data = null;
            if (result != null && result.length() != 0)
            {
                // 獲取返回參數
                UserBean bean = JSON.parseObject(result, UserBean.class);
                LogUtil.d(bean);
                LogUtil.d(bean.getTags());
                data = new Bundle();
                data.putParcelable("result", bean);
            }

            // 獲取返值
            String code = (String) jsonObject.get("code");
            if ("0".equals(code))
            {

                resultMsg.what = 1;
                resultMsg.setData(data);
            } else if ("1".equals(code))
            {

                resultMsg.what = -1;

            }
        } catch (Exception e)
        {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }

 但是不混淆編碼或者Debug的包都是好用的，標簽一直OK。

難道是parcelable對象之中嵌套parcelable對象成員會有問題嗎？還是忘記了什么keep。

mark一下，懸而未決。

其中在$sdk_dir$\tools\proguard\proguard-android.txt,里面吧基本的keep都定義好了，工程自己的在proguard-project.txt中定義。

這里原來理解錯了嗎？看到這篇文說是要把proguard-android.txt中的copy到proguard-project.txt中，個人感覺不用，應該會自動讀取，個人驗證確實沒有影響。

Android代碼混淆-添加了Gson遇到的問題

這篇文章則詳細介紹了常用的各個字段的意義。Android proguard 詳解

折騰了倆天還是沒效果，最后參照上面CSDN解決Gson的方法，我的是fastJson，然后可能是Parcel出了問題，加上下面的排除混淆。

-keepclassmembers class * implements android.os.Parcel { public *;}
-dontwarn com.cmcc.wepa.bean.**
-keep class com.cmcc.wepa.bean.**  {*;}
-keepattributes Signature

打包，竟然好用了。還是因為不理解造成很多彎路，哈哈，解決了就好，雖然還是懵懵懂懂的，但有了一些印象。
也就是說實現Parcel或者Seriallizable的對象一定不要混淆，連同它們的接口對象一起排除混淆。大概就是這樣。估計一般實體類不混淆。

還有個問題就是必須加上-keepattributes Signature，不加這句我的apk也不好用，有的blog說：
當有注解的時候

1. -keepattributes Signature  
2. -keepattributes *Annotation* 

加上上面兩句減少錯誤。最后還有個總結的還可以的 Android 混淆代碼總結
下面給出我的proguard-project.txt

后記：經過N次嘗試，發現這句也沒有用，去掉后不會報錯，不過加上更好吧~呵呵
-keepclassmembers class * implements android.os.Parcel { public *;}
-libraryjars libs/fastjson-1.2.3.jar
其實，最后就是神奇的-keepattributes Signature的作用。不明白的還有很多啊。

# To enable ProGuard in your project, edit project.properties
# to define the proguard.config property as described in that file.
#
# Add project specific ProGuard rules here.
# By default, the flags in this file are appended to flags specified
# in ${sdk.dir}/tools/proguard/proguard-android.txt
# You can edit the include path and order by changing the ProGuard
# include property in project.properties.
#
# For more details, see
#   http://developer.android.com/guide/developing/tools/proguard.html

# Add any project specific keep options here:
# If your project uses WebView with JS, uncomment the following
# and specify the fully qualified class name to the JavaScript interface
# class:

-keepclassmembers class * implements android.os.Parcel { public *;}

# the third-party library
-libraryjars libs/fastjson-1.2.3.jar
-dontwarn net.tsz.afinal.**
-keep class net.tsz.afinal.**  {*;}
-dontwarn com.alibaba.fastjson.**
-keep class com.alibaba.fastjson.** { *; }

-dontwarn com.baidu.**
-keep class com.baidu.**  {*;}
-dontwarn io.rong.**
-keep class io.rong.**  {*;}
-dontwarn org.apache.http.**
-keep class org.apache.http.**  {*;}
-dontwarn com.ant.liao.**
-keep class com.ant.liao.**  {*;}
-dontwarn org.json.**
-keep class org.json.**  {*;}
-dontwarn pl.droidsonroids.gif.**
-keep class pl.droidsonroids.gif.**  {*;}
-dontwarn com.cmcc.analytics.**
-keep class com.cmcc.analytics.**  {*;}
-keep class android.**  {*;}

-dontwarn com.my.bean.**
-keep class com.my.bean.**  {*;}
-keepattributes Signature

-assumenosideeffects
class android.util.Log
 {
    public static ***
 e(...);
    public static ***
 w(...);
    public static ***
 wtf(...);
    public static ***
 d(...);
    public static ***
 v(...);
}